A DHCPv6 package could compromise a vulnerable Linux system

A security error in Systemd can be exploited over the network for, at best, potentially blocking a vulnerable Linux machine or, in the worst case, executing malicious code, as reported by digital forensic experts from the International Institute of Cyber Security.

Therefore, the flaw puts Linux computers that work with Systemd, specifically those using Systemd network, at risk of a remote hijacking: DHCPv6 packages created for malicious purposes might attempt to exploit the schedule list and arbitrarily changing parts of memory into vulnerable systems, leading to a possible code execution. If successful, this malicious code could install malware, spyware, or other malicious developments.

The vulnerability, which was revealed this week, resides within the DHCPv6 client of the Systemd Open Source Management suite, which is integrated into several versions of Linux, according to experts in cybersecurity and digital forensics reports.

This client automatically activates if IPv6 support is enabled and relevant packets arrive for processing. Therefore, a fraudulent DHCPv6 server on a network could emit specially designed router advertising messages that wake up these customers, exploit the error and possibly hijack or ruin the Linux machines powered by Systemd.

Felix Wilhelm, from Google’s cybersecurity and digital forensics team, was credited with the vulnerability disclosing, which was assigned the key CVE-2018-15688. Wilhelm discovered that a specially crafted DHCPv6 network package could trigger “a very powerful and largely controlled write-off”, which could be used by a hacker to inject and execute code remotely.

“Overflow can be triggered with relative ease by announcing a DHCPv6 server with a server ID with 493 characters or longer”, said Wilhelm.

In addition to Ubuntu and Red Hat Enterprise Linux, Systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint and SUSE Linux Enterprise Serve, not all distributions use the vulnerable component by default.

The creator of Systemd, Lennart Poettering, has already published a security solution for the vulnerable component; digital forensics experts believe that there is a possibility that this solution will be extended to other vulnerable Linux distributions.

If a user runs a system-based Linux system, and relies on a systemd-based network, they must update their operating system as soon as possible to implement the solution when it is available and as needed.